Mercurial > dropbear
comparison svr-authpasswd.c @ 1641:a2bbc22ea1e6 coverity
merge coverity
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 21 Mar 2019 00:14:38 +0800 |
| parents | 228b086794b7 |
| children |
comparison
equal
deleted
inserted
replaced
| 1610:96e4c9b2cc00 | 1641:a2bbc22ea1e6 |
|---|---|
| 46 return constant_time_memcmp(a, b, la); | 46 return constant_time_memcmp(a, b, la); |
| 47 } | 47 } |
| 48 | 48 |
| 49 /* Process a password auth request, sending success or failure messages as | 49 /* Process a password auth request, sending success or failure messages as |
| 50 * appropriate */ | 50 * appropriate */ |
| 51 void svr_auth_password() { | 51 void svr_auth_password(int valid_user) { |
| 52 | 52 |
| 53 char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ | 53 char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ |
| 54 char * testcrypt = NULL; /* crypt generated from the user's password sent */ | 54 char * testcrypt = NULL; /* crypt generated from the user's password sent */ |
| 55 char * password; | 55 char * password = NULL; |
| 56 unsigned int passwordlen; | 56 unsigned int passwordlen; |
| 57 | |
| 58 unsigned int changepw; | 57 unsigned int changepw; |
| 59 | |
| 60 passwdcrypt = ses.authstate.pw_passwd; | |
| 61 | |
| 62 #ifdef DEBUG_HACKCRYPT | |
| 63 /* debugging crypt for non-root testing with shadows */ | |
| 64 passwdcrypt = DEBUG_HACKCRYPT; | |
| 65 #endif | |
| 66 | 58 |
| 67 /* check if client wants to change password */ | 59 /* check if client wants to change password */ |
| 68 changepw = buf_getbool(ses.payload); | 60 changepw = buf_getbool(ses.payload); |
| 69 if (changepw) { | 61 if (changepw) { |
| 70 /* not implemented by this server */ | 62 /* not implemented by this server */ |
| 71 send_msg_userauth_failure(0, 1); | 63 send_msg_userauth_failure(0, 1); |
| 72 return; | 64 return; |
| 73 } | 65 } |
| 74 | 66 |
| 75 password = buf_getstring(ses.payload, &passwordlen); | 67 password = buf_getstring(ses.payload, &passwordlen); |
| 76 | 68 if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) { |
| 77 /* the first bytes of passwdcrypt are the salt */ | 69 /* the first bytes of passwdcrypt are the salt */ |
| 78 testcrypt = crypt(password, passwdcrypt); | 70 passwdcrypt = ses.authstate.pw_passwd; |
| 71 testcrypt = crypt(password, passwdcrypt); | |
| 72 } | |
| 79 m_burn(password, passwordlen); | 73 m_burn(password, passwordlen); |
| 80 m_free(password); | 74 m_free(password); |
| 75 | |
| 76 /* After we have got the payload contents we can exit if the username | |
| 77 is invalid. Invalid users have already been logged. */ | |
| 78 if (!valid_user) { | |
| 79 send_msg_userauth_failure(0, 1); | |
| 80 return; | |
| 81 } | |
| 82 | |
| 83 if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) { | |
| 84 dropbear_log(LOG_WARNING, | |
| 85 "Too-long password attempt for '%s' from %s", | |
| 86 ses.authstate.pw_name, | |
| 87 svr_ses.addrstring); | |
| 88 send_msg_userauth_failure(0, 1); | |
| 89 return; | |
| 90 } | |
| 81 | 91 |
| 82 if (testcrypt == NULL) { | 92 if (testcrypt == NULL) { |
| 83 /* crypt() with an invalid salt like "!!" */ | 93 /* crypt() with an invalid salt like "!!" */ |
| 84 dropbear_log(LOG_WARNING, "User account '%s' is locked", | 94 dropbear_log(LOG_WARNING, "User account '%s' is locked", |
| 85 ses.authstate.pw_name); | 95 ses.authstate.pw_name); |